10 November 2014

US Postal Service Breach Comments from (ISC)² Leadership

“Unfortunately, this breach is just the latest in a series of incidents that have targeted the US government. It seems this particular incident revealed information on individuals that could lead to targeted spear-phishing attacks towards USPS employees. All of us need to be aware of potential phishing schemes, but in this particular case, USPS employees should be on the lookout for any suspicious email that would serve as a mechanism to extract additional information such as USPS intellectual property, credit card information and other types of sensitive data.”-Dan Waddell, CISSP, CAP, Director of Government Affairs, (ISC)²

“It seems as though breaches are becoming so common as to be almost mundane. We cannot allow this to become an acceptable part of doing business, whether in the private or public sector. We need to ensure that employees are aware of basic security measures such as strong passwords and recognizing phishing attempts. We must also ensure that the people protecting our data are educated and understand the value of the data they protect.”-Erich Kron, CISSP-ISSAP, HCISPP, Director of Membership Relations and Services, (ISC)²

Comments

US Postal Service Breach Comments from (ISC)² Leadership

“Unfortunately, this breach is just the latest in a series of incidents that have targeted the US government. It seems this particular incident revealed information on individuals that could lead to targeted spear-phishing attacks towards USPS employees. All of us need to be aware of potential phishing schemes, but in this particular case, USPS employees should be on the lookout for any suspicious email that would serve as a mechanism to extract additional information such as USPS intellectual property, credit card information and other types of sensitive data.”-Dan Waddell, CISSP, CAP, Director of Government Affairs, (ISC)²

“It seems as though breaches are becoming so common as to be almost mundane. We cannot allow this to become an acceptable part of doing business, whether in the private or public sector. We need to ensure that employees are aware of basic security measures such as strong passwords and recognizing phishing attempts. We must also ensure that the people protecting our data are educated and understand the value of the data they protect.”-Erich Kron, CISSP-ISSAP, HCISPP, Director of Membership Relations and Services, (ISC)²